Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.

Digital Evidence Acquisition: Protecting your Case

Learn basic concepts of digital evidence acquisition, and how you can obtain and protect evidence relating to computers.

4.3
(2 ratings)

Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.

This course provides an introduction to acquiring digital evidence relating to computer crimes. Tools of the trade will be identified and shown how to use in a forensically sound environment, that will protect evidence. Forensic images will be created and used to preview, files, obtain protected files, and mount disk images in order to find and retrieve evidence.

These slides provide a brief introduction on what digital evidence is, where we can find it, why we might need it, and how to collect it. There is currently no commentary associated with these slides, so feel free to post questions you might have. The External Resource provides the link to the National Institute of Justice website with additional information regarding how digital evidence is defined.

Defining Evidence

9 pages

This presentation outlines roles and responsibilities associated with digital forensic investigations, based on the FORZA framework. Students will be able to identify the three majors roles relating specifically to digital evidence acquisition, and what those roles will accomplish in relation to investigations and evidence collection.

Evidence Roles and Responsibilities

12 pages

+–

Forensic Tool Tutorials

4 Lectures
22:45

This tool enables the forensic investigator to obtain a memory dump from RAM of a computer that has been seized in conjunction with a crime. Caution: This tool must be used prior to shutting down the computer, otherwise whatever evidence might have been there will be lost.

My current education includes: BA, in History from Portland State University (1993); MBA, from University of Portland (1997); Ph.D. in Information Systems, Security Emphasis (CNSS Certificate) from Nova Southeastern University (2003-2008); CEH (2010); CPT (2010); GCFE (2013); GCFA (2013).

Work in the Security field began in 2006, which includes teaching security courses with my current employer, Southern Utah University. I began teaching internet forensics and network forensics in 2013, after completing the GCFE and GCFA certifications. I also freelance in forensics and security as the opportunity arises.